package com.mobilesecuritycard.openmobileapi.service.security.ara;

import com.mobilesecuritycard.openmobileapi.service.CardException;
import com.mobilesecuritycard.openmobileapi.service.security.AccessController;
import com.mobilesecuritycard.openmobileapi.service.security.ApduFilter;
import com.mobilesecuritycard.openmobileapi.service.security.ChannelAccess;
import com.mobilesecuritycard.openmobileapi.service.security.gpac.dataobjects.AID_REF_DO;
import com.mobilesecuritycard.openmobileapi.service.security.gpac.dataobjects.AR_DO;
import com.mobilesecuritycard.openmobileapi.service.security.gpac.dataobjects.BerTlv;
import com.mobilesecuritycard.openmobileapi.service.security.gpac.dataobjects.DO_Exception;
import com.mobilesecuritycard.openmobileapi.service.security.gpac.dataobjects.Hash_REF_DO;
import com.mobilesecuritycard.openmobileapi.service.security.gpac.dataobjects.ParserException;
import com.mobilesecuritycard.openmobileapi.service.security.gpac.dataobjects.REF_DO;
import com.mobilesecuritycard.openmobileapi.service.security.gpac.dataobjects.Response_AR_DO;
import com.mobilesecuritycard.openmobileapi.service.security.gpac.dataobjects.Response_DO_Factory;
import java.io.ByteArrayOutputStream;
import java.security.AccessControlException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

/* loaded from: classes.dex */
public class AraControlDB {
    private AccessRuleApplet mApplet;
    private long mRefreshTag = 0;
    private Map mRuleCache = new HashMap();

    private REF_DO buildHashMapKey(byte[] bArr, byte[] bArr2) {
        return new REF_DO(getAidRefDo(bArr), new Hash_REF_DO(bArr2));
    }

    private ChannelAccess findAccessRuleInCache(byte[] bArr, byte[] bArr2) {
        return (ChannelAccess) this.mRuleCache.get(buildHashMapKey(bArr, bArr2));
    }

    private AID_REF_DO getAidRefDo(byte[] bArr) {
        return (bArr == null || Arrays.equals(bArr, new byte[5])) ? new AID_REF_DO(AID_REF_DO._TAG_DEFAULT_APPLICATION) : new AID_REF_DO(79, bArr);
    }

    private ChannelAccess mapArDo2ChannelAccess(REF_DO ref_do, AR_DO ar_do) {
        ChannelAccess channelAccess = new ChannelAccess();
        if (ar_do.getApduArDo() != null) {
            channelAccess.setNoAccess(false, "");
            channelAccess.setUseApduFilter(false);
            if (ar_do.getApduArDo().isApduAllowed()) {
                ArrayList apduHeaderList = ar_do.getApduArDo().getApduHeaderList();
                ArrayList filterMaskList = ar_do.getApduArDo().getFilterMaskList();
                if (apduHeaderList == null || filterMaskList == null || apduHeaderList.size() <= 0 || apduHeaderList.size() != filterMaskList.size()) {
                    channelAccess.setApduAccess(true);
                } else {
                    ApduFilter[] apduFilterArr = new ApduFilter[apduHeaderList.size()];
                    for (int i = 0; i < apduHeaderList.size(); i++) {
                        apduFilterArr[i] = new ApduFilter((byte[]) apduHeaderList.get(i), (byte[]) filterMaskList.get(i));
                    }
                    channelAccess.setUseApduFilter(true);
                    channelAccess.setApduFilter(apduFilterArr);
                }
            } else {
                channelAccess.setApduAccess(false);
            }
        } else {
            channelAccess.setNoAccess(true, "No APDU access rule available.!");
        }
        if (ar_do.getNfcArDo() != null) {
            channelAccess.setNFCEventAllowed(ar_do.getNfcArDo().isNfcAllowed());
        } else {
            channelAccess.setNFCEventAllowed(false);
        }
        this.mRuleCache.put(ref_do, channelAccess);
        return channelAccess;
    }

    private void putAccessRuleInCache(byte[] bArr, byte[] bArr2, ChannelAccess channelAccess) {
        this.mRuleCache.put(buildHashMapKey(bArr, bArr2), channelAccess);
    }

    private ChannelAccess readAccessRule(byte[] bArr, Certificate[] certificateArr) throws AccessControlException, CardException {
        try {
            REF_DO buildHashMapKey = buildHashMapKey(bArr, AccessController.getAppCertHash(certificateArr[0]));
            for (Certificate certificate : certificateArr) {
                try {
                    AR_DO readSpecificAccessRule = readSpecificAccessRule(new REF_DO(getAidRefDo(bArr), new Hash_REF_DO(AccessController.getAppCertHash(certificate))));
                    if (readSpecificAccessRule != null) {
                        return mapArDo2ChannelAccess(buildHashMapKey, readSpecificAccessRule);
                    }
                } catch (CertificateEncodingException e) {
                    throw new AccessControlException("Problem with App Certificate.");
                }
            }
            AR_DO readSpecificAccessRule2 = readSpecificAccessRule(new REF_DO(getAidRefDo(bArr), new Hash_REF_DO()));
            if (readSpecificAccessRule2 != null) {
                return mapArDo2ChannelAccess(buildHashMapKey, readSpecificAccessRule2);
            }
            for (Certificate certificate2 : certificateArr) {
                try {
                    AR_DO readSpecificAccessRule3 = readSpecificAccessRule(new REF_DO(new AID_REF_DO(79), new Hash_REF_DO(AccessController.getAppCertHash(certificate2))));
                    if (readSpecificAccessRule3 != null) {
                        return mapArDo2ChannelAccess(buildHashMapKey, readSpecificAccessRule3);
                    }
                } catch (CertificateEncodingException e2) {
                    throw new AccessControlException("Problem with App Certificate.");
                }
            }
            AR_DO readSpecificAccessRule4 = readSpecificAccessRule(new REF_DO(new AID_REF_DO(79), new Hash_REF_DO()));
            if (readSpecificAccessRule4 != null) {
                return mapArDo2ChannelAccess(buildHashMapKey, readSpecificAccessRule4);
            }
            return null;
        } catch (CertificateEncodingException e3) {
            throw new AccessControlException("Problem with App Certificate.");
        }
    }

    private AR_DO readSpecificAccessRule(REF_DO ref_do) throws AccessControlException, CardException {
        BerTlv createDO;
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            ref_do.build(byteArrayOutputStream);
            byte[] readSpecificAccessRule = this.mApplet.readSpecificAccessRule(byteArrayOutputStream.toByteArray());
            if (readSpecificAccessRule != null && (createDO = Response_DO_Factory.createDO(readSpecificAccessRule)) != null) {
                if (createDO instanceof Response_AR_DO) {
                    return ((Response_AR_DO) createDO).getArDo();
                }
                throw new AccessControlException("Applet returned invalid or wrong data object!");
            }
            return null;
        } catch (DO_Exception e) {
            throw new AccessControlException("Data Object Exception: " + e.getMessage());
        } catch (ParserException e2) {
            throw new AccessControlException("Parsing Data Object Exception: " + e2.getMessage());
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:4:0x0017, code lost:
    
        if (r0 != null) goto L6;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public com.mobilesecuritycard.openmobileapi.service.security.ChannelAccess getAccessRule(byte[] r7, java.security.cert.Certificate[] r8) throws java.security.AccessControlException, com.mobilesecuritycard.openmobileapi.service.CardException, java.security.cert.CertificateEncodingException {
        /*
            r6 = this;
            r5 = 0
            com.mobilesecuritycard.openmobileapi.service.security.ara.AccessRuleApplet r0 = r6.mApplet
            long r0 = r0.readRefreshTag()
            r2 = r8[r5]
            byte[] r2 = com.mobilesecuritycard.openmobileapi.service.security.AccessController.getAppCertHash(r2)
            long r3 = r6.mRefreshTag
            int r3 = (r3 > r0 ? 1 : (r3 == r0 ? 0 : -1))
            if (r3 != 0) goto L1a
            com.mobilesecuritycard.openmobileapi.service.security.ChannelAccess r0 = r6.findAccessRuleInCache(r7, r2)
            if (r0 == 0) goto L21
        L19:
            return r0
        L1a:
            java.util.Map r3 = r6.mRuleCache
            r3.clear()
            r6.mRefreshTag = r0
        L21:
            com.mobilesecuritycard.openmobileapi.service.security.ChannelAccess r0 = r6.readAccessRule(r7, r8)
            if (r0 != 0) goto L38
            com.mobilesecuritycard.openmobileapi.service.security.ChannelAccess r0 = new com.mobilesecuritycard.openmobileapi.service.security.ChannelAccess
            r0.<init>()
            r1 = 1
            java.lang.String r3 = "no access rule found!"
            r0.setNoAccess(r1, r3)
            r0.setApduAccess(r5)
            r0.setNFCEventAllowed(r5)
        L38:
            r6.putAccessRuleInCache(r7, r2, r0)
            goto L19
        */
        throw new UnsupportedOperationException("Method not decompiled: com.mobilesecuritycard.openmobileapi.service.security.ara.AraControlDB.getAccessRule(byte[], java.security.cert.Certificate[]):com.mobilesecuritycard.openmobileapi.service.security.ChannelAccess");
    }

    public AccessRuleApplet getApplet() {
        return this.mApplet;
    }

    public void setApplet(AccessRuleApplet accessRuleApplet) {
        this.mApplet = accessRuleApplet;
    }
}
